| Description: | Summary:
The remote host is missing an update for the Debian 'openssl' package(s) announced via the DSA-3500-1 advisory.
Vulnerability Insight:
Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.
CVE-2016-0702
Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. This could allow local attackers to recover RSA private keys.
CVE-2016-0705
Adam Langley from Google discovered a double free bug when parsing malformed DSA private keys. This could allow remote attackers to cause a denial of service or memory corruption in applications parsing DSA private keys received from untrusted sources.
CVE-2016-0797
Guido Vranken discovered an integer overflow in the BN_hex2bn and BN_dec2bn functions that can lead to a NULL pointer dereference and heap corruption. This could allow remote attackers to cause a denial of service or memory corruption in applications processing hex or dec data received from untrusted sources.
CVE-2016-0798
Emilia Kasper of the OpenSSL development team discovered a memory leak in the SRP database lookup code. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to the SRP_VBASE_get1_by_user function.
CVE-2016-0799, CVE-2016-2842 Guido Vranken discovered an integer overflow in the BIO_*printf functions that could lead to an OOB read when printing very long strings. Additionally the internal doapr_outch function can attempt to write to an arbitrary memory location in the event of a memory allocation failure. These issues will only occur on platforms where sizeof(size_t) > sizeof(int) like many 64 bit systems. This could allow remote attackers to cause a denial of service or memory corruption in applications that pass large amounts of untrusted data to the BIO_*printf functions.
Additionally the EXPORT and LOW ciphers were disabled since they could be used as part of the DROWN (CVE-2016-0800) and SLOTH (CVE-2015-7575) attacks, but note that the oldstable (wheezy) and stable (jessie) distributions are not affected by those attacks since the SSLv2 protocol has already been dropped in the openssl package version 1.0.0c-2.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u20.
For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u4.
For the unstable distribution (sid), these problems will be fixed shortly.
We recommend that you upgrade your openssl packages.
Affected Software/OS:
'openssl' package(s) on Debian 7, Debian 8.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
